According to newly declassified court orders from the Foreign Intelligence Surveillance Court (FISC), the National Security Agency was (and may still be) tipping off the FBI at least two to three times per day going back at least to 2006.

The new documents are heavily redacted orders from FISC to the FBI. These items request that the court order an entity (likely a business) to provide “tangible things” under Section 215 of the PATRIOT Act. The documents do not refer to who the target is, nor which company or organization they apply to.

"The Court understands that NSA expects that it will continue to provide on average approximately three telephone identifiers per day to the FBI,” reads a footnote in a 2007 court order (PDF) authored by FISC Judge Frederick Scullin, Jr.

A similar footnote from a November 2006 court order refers to “two telephone numbers.” The “three” figure was continued until documents from March 2009, when the specific language changed to simply “information.” That month appears to have been a turning point between intelligence agencies and the FISC.

"Reasonable, articulable suspicion"

As we reported after the August 2013 release of declassified court documents, Judge Reggie Walton lambasted the government’s mistakes on the business records metadata collection program.

Further Reading

According to his newly released March 2009 FISC order (PDF), the court required the NSA to only access the vast metadata archive when there is a “reasonable, articulable suspicion [RAS] that the telephone identifier is associated with [REDACTED]” as of February 2009. (Presumably that association has something to do with a terrorism or national security threat.)

That same 2009 FISC order says that the government had not lived up to the court’s requirements.

Before the FISC’s initial authorization of the metadata sharing program in May 2006, the NSA developed an "alert list process" that compared telephone numbers to incoming data from its "business record (BR)" collection.

Thus, since the earliest days of the FISC-authorized collection of call-detail records by the NSA, the NSA has, on a daily basis, accessed the BR metadata for purposes of comparing thousands of non-RAS approved telephone identifiers on its alert list against the BR metadata in order to identify any matches. Such access was prohibited by the governing minimization procedures under each of the relevant Court orders, as the government concedes in its submission.

The government’s submission suggests that its non-compliance with the Court’s orders resulted from a belief by some personnel within the NSA that some of the Court’s restrictions on access to the BR metadata applied only to “archived data,” i.e., data residing within certain databases at the NSA. That interpretation of the Court’s Orders strains credulity. It is difficult to imagine why the Court would intend the applicability of the RAS requirements—a critical component of the procedures proposed by the government and adopted by the Court—to turn on whether or not the data being access has been “archived” by the NSA in a particular database at the time of the access. Indeed, to the extent that the NSA makes the decision about where to store incoming BR metadata and when the archiving occurs, such an illogical interpretation of this Court’s Orders renders compliance with the RAS requirement merely optional.

Watching the watchers

The newly declassified court orders from last Friday appear to indicate that while the FBI is being granted the order, it is in fact the NSA that is obtaining and analyzing the information first before handing it over to the FBI.

The judge also outlined data handling procedures that the agencies had to follow.

More specifically, access to the archived data shall only occur when NSA has identified a known telephone number for which, based on the factual and practical considerations of everyday life on which reasonable and prudent persons act, there are facts giving rise to a reasonable, articulable suspicion that the telephone number is associated with [REDACTED]; provided however, that a telephone number believed to be used by a US person shall not be regarded as associated with [REDACTED] solely on the basis of activities that are protected by the First Amendment to the Constitution.

The document continues, noting that all “meta data shall be stored and processed on a secure private network that NSA exclusively will operate,” that the software interface to the archive would be controlled by username and password, and that “when the meta data archive is accessed, the user’s login, Internet Protocol address, date and time, and retrieval request shall be automatically logged for auditing capability. NSA’s Office of General Counsel (OGC) shall monitor the functioning of this automatic logging capability.”

Further Reading

New declassifed documents show legal arguments over bulk metadata collection.

Judge Scullin also required NSA OGC to “conduct random spot checks, consisting of an examination of a sample of call-detail records obtained, to ensure that NSA is receiving only data as authorized by the Court and not receiving the substantive content of communications.”

“I am not sure it tells us anything new but rather adds more confirmation to a widely suspected and occasionally confirmed technique of law enforcement following intelligence leads and then reverse-engineering a paper trail to use in court," Fred Cate, a law professor at Indiana University, told Ars. “Some people have even speculated that the multiplicity of overlapping NSA surveillance programs are intended to provide cover programs that provide a more legitimate basis for data found through other programs.”

However, others pointed out that in the absence of further information as to how exactly the NSA’s information is sent to the FBI, and under what circumstances, it’s impossible to know precisely what’s going on.

“Furthermore, given how broadly it's possible to define the word ‘tip,’ we have no information on how useful those thousand tips were,” Brian Pascal, a research fellow at the University of California Hastings College of the Law, told Ars. “Both intelligence and law enforcement organizations receive many, many tips, and a large part of their job is separating the signal from the noise.

“As far as parallel construction goes, the only thing I can say for certain is that if one records a sufficiently large number of dots, then it's possible to connect them to draw any number of pictures. This is not always the result of nefarious intentions—it can happen unintentionally too. Think about all the people who were improperly placed on watchlists due to conclusions reached by some opaque algorithm.”